Various related technologies concerning security are known.
Patent document 1 discloses an information security measures decision support device, described below.
The information security measures decision support device receives an input of attribute information of a diagnosis target system. Subsequently, the information security measures decision support device refers to information such as a list of threats or the relation between the threats and security measures (hereinafter, described simply as ‘measures’) and identifies the information security problems in the diagnosis target system. Here, the list of threats is generated on the basis of a security event transition model, which structures the procedure of illegal access operations.
Next, the information security measures decision support device presents patterns of measures for maintaining the information security of the diagnosis target system.
The information security measures decision support device also refers to a list of measures which indicates the cost and effects of each measure and calculates, for each measure identified, the cost that the measure requires, the effects obtained if the measure is performed, the residual risk and so on. On the basis of this calculation result, the information security measures decision support device then selects and presents a measure that matches a request. Examples of a measure that matches the request are: a measure which minimizes the cost while securing the required strength of the measure, a measure which maximizes performance per cost, and a measure which disregards the cost and maximizes the strength of the security measure.
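The three selection requests described above can be illustrated with a short sketch; this is an added example, not code from patent document 1. The threat scores, measure names, costs, effect fractions and the rule that independent measures multiply their remaining-risk fractions are all assumptions constructed for illustration.

```python
from itertools import combinations
from math import prod

# Constructed sample data (not from the patent): risk score per threat, and for
# each measure its cost and the fraction of each threat's risk it removes.
THREATS = {"T1": 8.0, "T2": 4.0, "T3": 4.0}
MEASURES = {
    "firewall":   (3, {"T1": 0.5}),
    "patching":   (2, {"T1": 0.5, "T2": 0.5}),
    "encryption": (5, {"T2": 0.5, "T3": 0.75}),
    "logging":    (1, {"T3": 0.25}),
}

def evaluate(pattern):
    """Return (cost, effect, residual_risk) for a tuple of measure names."""
    cost = sum(MEASURES[m][0] for m in pattern)
    # Assumption: measures act independently, so remaining fractions multiply.
    residual = sum(
        risk * prod(1 - MEASURES[m][1].get(t, 0.0) for m in pattern)
        for t, risk in THREATS.items()
    )
    return cost, sum(THREATS.values()) - residual, residual

def all_patterns():
    """Every non-empty combination of measures (a 'pattern of measures')."""
    names = sorted(MEASURES)
    for r in range(1, len(names) + 1):
        yield from combinations(names, r)

def min_cost_for_strength(required_effect):
    """Cheapest pattern that still reaches the required strength, or None."""
    ok = [p for p in all_patterns() if evaluate(p)[1] >= required_effect]
    return min(ok, key=lambda p: evaluate(p)[0]) if ok else None

def best_effect_per_cost():
    """Pattern with the highest risk reduction per unit of cost."""
    return max(all_patterns(), key=lambda p: evaluate(p)[1] / evaluate(p)[0])

def max_strength():
    """Pattern with the highest risk reduction, disregarding cost."""
    return max(all_patterns(), key=lambda p: evaluate(p)[1])

if __name__ == "__main__":
    for label, p in [("min cost, effect >= 9", min_cost_for_strength(9.0)),
                     ("best effect per cost", best_effect_per_cost()),
                     ("max strength", max_strength())]:
        print(label, p, evaluate(p))
```

With this sample data the three requests select three different patterns, and a required strength that no pattern reaches yields no selection.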
Patent document 2 discloses an integrated system security design method, described below.
The integrated system security design method of patent document 2 is a security design method for a site and an information system which conform to two international security standards, ISO17799 (ISMS (Information Security Management System)) and ISO15408 (CC (Common Criteria)).
A security design support device which implements the integrated system security design method receives, for a certain site, an input of information of a property group which is a target of security.
Next, the security design support device displays the inputted information of the property group. Then the security design support device receives an input of ‘information of property’ of the information system corresponding to each property group.
Next, the security design support device displays the inputted information of the property group. Then the security design support device receives an input of ‘information of threats of site’ concerning each property group.
Next, the security design support device displays, on the basis of a corresponding relationship between the property group and the property, the inputted ‘information of threats of site’ and the ‘information of property’ concerning the property group. Then the security design support device receives an input of ‘information of threats of information system’ concerning the property.
Next, the security design support device displays the inputted ‘information of threats of site’. Then the security design support device receives an input of ‘measures policy of site’ concerning each of the threats of site.
Next, the security design support device displays, on the basis of a corresponding relationship between the ‘information of threats of site’ and the ‘information of threats of information system’, the ‘measures policy of site’ which was inputted corresponding to the ‘information of threats of site’ and the ‘information of threats of information system’. Then the security design support device receives an input of ‘measures policy of information system’ concerning each of the threats of information system.
Next, the security design support device displays the inputted ‘measures policy of site’ and displays an upper-level measures standard by referring to a measures standard mapping table. Then, the security design support device receives a selection input of the upper-level measures standard concerning the selected ‘measures policy of site’. Here, the measures standard mapping table is a table which stores a corresponding relationship between the upper-level measures standard conforming to the ISMS and a lower-level measures standard conforming to the CC.
Next, the security design support device displays, on the basis of a corresponding relationship between the ‘measures policy of site’ and the ‘measures policy of information system’, the ‘measures policy of information system’ corresponding to the selected ‘measures policy of site’. Next, the security design support device displays the upper-level measures standard that was selected for the selected ‘measures policy of site’, together with the lower-level measures standard that corresponds to it in the measures standard mapping table. Then, the security design support device receives a selection input of the lower-level measures standard concerning the selected ‘measures policy of information system’.
Next, the security design support device generates and outputs security specifications conforming to the ISMS and security specifications conforming to the CC according to the chain of corresponding relationships, from the correspondence between the information of the property group and the information of the property through to the correspondence between the selected upper-level measures standard and the selected lower-level measures standard.